I have a game on my system (Sierra's 3-D Cool Pool) that I have had for at least 6 years now. It was installed from the manufacturer's CD and has been just fine all along. This morning at 1:47am I received an alert from VS that it had detected a Trojan in the coolpool.exe file (main executable) and cleaned (removed) it. The game no longer would work as the file was gone. Tried reinstalling from the CD and it seemed to be going OK until it went to install that file. VS blocked the file from installing. The Trojan being detected was Generic.dx!vdu, which according to the McAfee site was only discovered on 12/11/2010.
Why is a new trojan being detected in a file on a manufacturer's CD that was purchased at least 6 years ago? Doesn't make a lot of sense. If the trojan has been around that long, why was it not detected until now? I tried sending the file to McAfee, but VS will not allow access to the file at all.
The file was just uploaded and the ID number is 6423034.
Just got the report. Of course, it said the file was infected with the trojan. Still makes no sense that a file on a commercial CD (read only) purchased 6+ years ago is found to be infected with a just discovered trojan. The game has been on my system (purchased in 11/05) all along.
False positive??
Message was edited by: jmckee on 12/13/10 8:16:43 PM EST
I will flag this off to some one from the labs to take a look at it.
In the meantime you could reply to the automated mail refuting the automated detection ( this should trip the detection to researcher by default)
I just analyzed the binary which you have attached. It needs some dependencies to analyze dynamically, so I did static analysis to the best of my knowledge. Actually the binary will try to connect with the following servers below:
When I googled the above servers, I found that they are only the game servers and not malicious.
So that is the reason they are flagging it as malware. I think it is a false positive and has to be fixed.
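The kind of quick static triage described in the post above (pulling the server names a binary references out of its strings, and hashing the file so it can be reported) can be scripted. The following is an added example, not code from the thread or from McAfee; it runs over a constructed stand-in for the executable rather than the real coolpool.exe, and the hostnames embedded in it are made-up placeholders under the reserved `.test` domain. The `triage` function also compares the on-disk copy with a copy read from the original media, which is the check a user would want before reporting a detection as a false positive: if the installed file is byte-for-byte identical to the read-only CD copy, the file itself has not been tampered with on the system.

```python
import hashlib
import re

# Constructed stand-in for the game executable (hypothetical content):
# a DOS header fragment, an ASCII URL, a UTF-16LE hostname and a product string.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"\x00" * 16
    + b"http://example-game-lobby.test/login\x00"
    + b"\x7f\x01\x02"
    + "stats.example-game.test".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\xfd"
    + b"CoolPool Network Play\x00"
)

MIN_LEN = 6
# Runs of printable ASCII, and runs of printable ASCII in UTF-16LE (char, NUL).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
# Heuristic for hostnames and URLs: optional scheme, dotted labels, a 2+ letter TLD.
HOST_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"']*)?", re.I)


def sha256_hex(data: bytes) -> str:
    """Hash to quote when submitting a sample or searching vendor databases."""
    return hashlib.sha256(data).hexdigest()


def extract_strings(data: bytes) -> list[str]:
    """Equivalent of `strings` for ASCII plus UTF-16LE, which Windows binaries use."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RE.finditer(data)]
    return found


def network_indicators(data: bytes) -> list[str]:
    """Hostnames/URLs referenced by the binary, deduplicated and lower-cased."""
    hits = set()
    for s in extract_strings(data):
        for m in HOST_RE.finditer(s):
            hits.add(m.group().lower())
    return sorted(hits)


def triage(installed: bytes, reference: bytes) -> dict:
    """Compare the on-disk file with a copy read from the original (read-only) media."""
    return {
        "installed_sha256": sha256_hex(installed),
        "reference_sha256": sha256_hex(reference),
        "identical": installed == reference,
        "indicators": network_indicators(installed),
    }


if __name__ == "__main__":
    # Real use: triage(open("coolpool.exe", "rb").read(), open("D:/coolpool.exe", "rb").read())
    report = triage(SAMPLE_BINARY, SAMPLE_BINARY)
    print("SHA-256:", report["installed_sha256"])
    print("Matches media copy:", report["identical"])
    for host in report["indicators"]:
        print("references:", host)
```

An identical hash on both copies plus a list of indicators that all resolve to the vendor's own game servers is exactly the evidence the post above relies on; a mismatch between the installed copy and the media copy would instead mean the on-disk file has been altered and the detection deserves a closer look.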
Thank you for tracking down the problem! I knew it had to be a false positive since the CD is read only and has not even been used in 5 years (since the game was installed). Please let me know when the problem is fixed.
Probably you have to follow these guidelines below to report a false positive.
If you have followed them, then we have to wait till Vinod helps us.
Rajesh
Message was edited by: Rajesh Nataraj KP on 16/12/10 2:28:47 PM IST